I am looking for an accurate setup guide for Vault server. I am following the official doc and it is not working. It seems that you have to have Consul, is that correct? The system unit file (for startup) does not even work!??!?!
I am new to Vault and I just want to stand it up on a standalone server to play. This cannot be this difficult. Any help is much appreciated!
Since version 1.4 you don’t have to have Consul. You can use the internal Raft storage.
… and just to play around, you could always start up in dev mode ?!?
I would like to set this up to be used with my Ansible environment. I would love to just set up a “real” server.
Could you provide log files, outputs or some more information than “the unit file is not working”?
First match at Google vault setup guide centos:
If you only want to build one server, you don’t need raft or consul as a backend. Using the file system as storage backend should be sufficient for this and simplifies the whole in the basic structure.
I just signed up for a free trial with a license. The documentation is:
This generates the help file? Is it me or is the documentation lacking?
You should use the learn guides first
Starting the Vault server is vault server, not just vault.
You don’t need a license unless you want to use the enterprise features.
Hey there thanks for your response! Here is my config file:
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = 1
}
I guess I need to have a “storage block”. I want to just run this as a POC server and use my local Linux fs for storage. How do I do that?
storage "file" {
  path = "/mnt/vault/data"
}
Here is another example of lacking documentation. Under the “seal documentation” on site https://learn.hashicorp.com/vault/operations/ops-deployment-guide. They reference:
seal "pkcs11" {
  lib = "/usr/vault/lib/libCryptoki2_64.so"
  slot = "0"
  pin = "AAAA-BBBB-CCCC-DDDD"
  key_label = "vault-hsm-key"
  hmac_key_label = "vault-hsm-hmac-key"
}
Where do I get the file from? Every direction I turn I find holes in the documentation. Any help is much appreciated as I am about ready to give up on this product and find another that has accurate documentation.
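The config questions in the posts above (a listener-only file with no storage stanza, tls_disable on the listener, and a PIN written into the seal stanza) can be checked mechanically. This is an added example, not code from any poster or from HashiCorp: a small Python linter with hypothetical names (parse, lint) and constructed sample configs, handling only flat top-level stanzas like the ones shown in this thread.

```python
import re

# Constructed sample: the listener-only config posted in the thread.
SAMPLE_POSTED = '''
listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}
'''

# Constructed sample: listener on all interfaces, file storage, and the
# placeholder seal values quoted in the thread.
SAMPLE_RISKY = '''
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
storage "file" {
  path = "/mnt/vault/data"
}
seal "pkcs11" {
  lib = "/usr/vault/lib/libCryptoki2_64.so"
  pin = "AAAA-BBBB-CCCC-DDDD"
}
'''

STANZA = re.compile(r'^\s*(\w+)\s+"([^"]+)"\s*\{(.*?)^\s*\}', re.S | re.M)
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)
TRUTHY = {"1", "true"}
LOOPBACK = ("127.", "localhost", "[::1]")

def parse(text):
    """Return [(kind, label, {key: value})] for flat top-level stanzas."""
    return [(k, l, dict(SETTING.findall(body))) for k, l, body in STANZA.findall(text)]

def lint(text):
    """Return finding names for a Vault server config (hypothetical rule names)."""
    findings = []
    stanzas = parse(text)
    if not any(kind == "storage" for kind, _, _ in stanzas):
        findings.append("missing-storage")  # server cannot start without one
    for kind, label, cfg in stanzas:
        if kind == "listener" and cfg.get("tls_disable", "").lower() in TRUTHY:
            if not cfg.get("address", "").startswith(LOOPBACK):
                findings.append("plaintext-listener-exposed")
        if kind == "seal" and label == "pkcs11" and "pin" in cfg:
            # The pkcs11 seal can also take the PIN from VAULT_HSM_PIN.
            findings.append("hsm-pin-in-config")
    return findings
```

Calling lint(SAMPLE_POSTED) reports only the missing storage stanza, since plaintext on 127.0.0.1 is not flagged; lint(SAMPLE_RISKY) reports the exposed plaintext listener and the PIN kept in the file.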
I expect a CentOS 7 user would be much happier with an rpm:
https://copr.fedorainfracloud.org/coprs/boeroboy/hashicorp/
Dave
Sorry about leaving you hanging. The issue was with the version of systems, it didn’t support some of the options. I updated my Amazon AMI and it worked. I now have it up and running and am getting through the various concepts.
Thanks for all your help.
Here is another example of lacking documentation. Under the “seal documentation” on site https://learn.hashicorp.com/vault/operations/ops-deployment-guide . They reference:
seal "pkcs11" {
  lib = "/usr/vault/lib/libCryptoki2_64.so"
  slot = "0"
  pin = "AAAA-BBBB-CCCC-DDDD"
  key_label = "vault-hsm-key"
  hmac_key_label = "vault-hsm-hmac-key"
}
Where do I get the file from? Every direction I turn I find holes in the documentation. Any help is much appreciated as I am about ready to give up on this product and find another that has accurate documentation.
Hi & welcome -
The learn article has the Seal doc linked right above that example stanza, where you will find:
If you’re doing an evaluation to “play” as you mention, I’d recommend skipping the HSM. Maybe a cloud unseal that is within the OSS license? Do you have requirements set out that you want to test/validate with Vault? HSM would be an advanced setup and architecture, which is more organizational compliance related vs use case validation.
Previously I have successfully integrated Vault with an HSM which was password enabled and was up and running.
I am at a remote location connected to the network, trying to start Vault Server integrated with a PED-enabled HSM device.
I have added HSM configurations in the Vault config file but didn’t know what I should set the pin to in order to access the HSM from the Vault server.
I have tried entering the admin pwd, Crypto Officer pin and PED device attached to the HSM but still I am unable to start Vault.
error parsing Seal configuration: error fetching session to test HSM key configuration: error logging in to HSM: pkcs11: 0x80000028
2021-07-13T05:39:54.367-0400 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
config:
{
  "pkcs11": {
    "generate_key": "true",
    "hmac_key_label": "HashiCorp_hmac",
    "key_label": "HashiCorp",
    "lib": "/opt/vault/hsm/libCryptoki2_64.so",
    "pin": "xxxxx",
    "slot": "1"
  }
}
]
Any suggestions, please!